CVE-2025-62407: Frappe Unvalidated Childquery Key

Unvalidated dictionary keys are directly passed to ChildQuery without validation, which can allow an attacker to inject arbitrary SQL or unsupported SQL functions.

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0

Python

greprules fetch cve-2025-62407-frappe-unvalidated-childquery-key --engine opengrep

Description

Unvalidated dictionary keys are directly passed to ChildQuery without validation, which can allow an attacker to inject arbitrary SQL or unsupported SQL functions.

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 145 downloads
0 direct145 via packs
· 0 stars · Quality score 73How quality works
Included packs: 2 packs

Community feedback

0 signals from signed-in users.

Useful: 0
False positive: 0
Metadata: 0